Engage With AHA Solutions
Resource:
Delivering High Tech, Patient-Centered Care with Secure One-Touch Desktop Roaming at Memorial Healthcare
At Memorial Healthcare, technology is a means to better patient care. With Imprivata OneSign, they were able to secure unattended desktops, enable One-Touch Desktop Roaming and implement strong, multifactor authentication for clinicians.
Memorial Healthcare, located in Owosso Michigan, is right at the forefront of using technology to enhance patient care. For eight years, Memorial Healthcare has been voted one of top 100 “Most Wired Hospitals” by Hospital and Health Networks.
Technology is not an end in itself, but rather a means to better patient care for Memorial Healthcare. This 150 bed hospital sees 25,000 emergency room visits a year, and more than 196,000 outpatients. As a Planetree hospital, it embraces a patient-centered model of care. Says Frank Fear, VP of Information Services for the hospital, “We want to be a national model for excellence in personalized health care. We consider this objective with every new initiative.” Since 2005, Memorial Healthcare has relied on Imprivata OneSign® to give its physicians and clinicians streamlined access to essential technologies.
Business Challenge: Combining Fast Access and Security
As a hospital dedicated to adopting technology in support of patient care, Memorial Healthcare must balance ease of access with protecting patient data. Clinicians need fast access to applications to deliver ‘real-time’ patient care. But the hospital must protect the integrity and privacy of patient health records.
Data security and privacy are a real challenge in a highly mobile environment like a hospital, where clinicians move between patient rooms and shared workstations throughout the day, handling many different patient records. Clinicians focused on patients or handling emergencies are apt to forget to ‘log off’ from a session on a shared workstation—potentially leaving a patient record exposed to the next passerby. The unsecured workstation is not only a security risk, it poses a patient safety risk as well by allowing the potential for one clinician to chart under another’s open session.
Memorial Healthcare knew it had to provide a secure, roaming desktop environment that follows the user through the day, while automatically locking down unattended workstations.
The Imprivata OneSign Solution
After a thorough search of single sign-on solutions, the Information Services team at Memorial Healthcare selected Imprivata® OneSign in 2005. With OneSign, they implemented single sign-on to health care applications, as well as strong authentication using a combination of proximity badges and fingerprint biometrics. These measures offered both the security and convenience. In addition, Imprivata OneSign has helped Memorial Healthcare demonstrate compliance with comprehensive audit and reporting of application access.
While Imprivata met Memorial’s immediate needs in 2005, it has adapted to changing requirements in the years since initial deployment. For example, the hospital has taken advantage of Imprivata’s ability to integrate with desktop virtualization using VMware View, support varied strong authentication techniques, and offer multiple solutions to locking down desktops. Says Frank Fear, “We have a great relationship with Imprivata. It has given us a strong foundation for managing authentication even as we change and grow.”
The Award-Winning Results
In its initial implementation, Imprivata OneSign provided strong authentication and single sign-on to a variety of MEDITECH applications. With active proximity cards, workstations shut down as soon as clinicians walked away, providing instant lockdown and increased security. Clinicians could work more efficiently, without the password headaches and repeated logins of the past, and with a desktop that followed them through the day.
The project was so successful that InfoWorld gave Memorial Healthcare an award for one of the Top 100 “Most Innovative Projects” in 2006.
A Long-term Foundation for Authentication
Memorial Healthcare continues to expand and innovate. In 2011, the hospital is creating a new, patient-centric obstetrics unit, with Computerized Physician Order Entry (CPOE) and Electronic Physician Documentation applications, an entertainment & information system for patients, and secure one-touch roaming for clinicians.
Imprivata OneSign remains an important part of the new environment, with some changes and refinement in authentication policies and processes. For example:
- Strong, multifactor authentication: Memorial is changing from active proximity badges, with their embedded batteries, to using existing building access cards and card readers. The first time a clinician logs in during their shift, they use a password in addition to tapping the identity card. From then on, clinicians simply tap the reader with their card for “one-touch” authentication. Physicians do not need to carry extra badges for authentication, while the IT group no longer has to worry about provisioning and maintaining the active proximity cards.
- One-Touch Desktop Roaming: Memorial Healthcare is now using VMware View and Imprivata OneSign® Virtual Desktop Access which creates virtualized desktops managed within the central data center. These desktops follow each user during the course of their shifts, and are removed from memory when the shift is over.
- Secure unattended desktops: OneSign Secure Walk-Away® uses facial recognition technology to automatically lock down the workstation when the authorized user is not present, without requiring an explicit logout.
Imprivata OneSign remains an important part of the patient care environment. Says Fear, “Using Imprivata OneSign and VMware View, our clinicians can access patient records quickly and securely with the tap of a card, so they can focus on delivering highly personalized patient care. And with OneSign Secure Walk-Away always watching over the shared workstations, we don’t have to worry about patient data being left unattended on shared workstations.”
